Streaming live at 10am (PST)

Webflow, your EU customers need a statement (Privacy Shield)

Yesterday the Privacy Shield Agreement was declared invalid by the European Court of Justice. Thus, since yesterday, the processing of all personal data of European users / customers processed on U.S. American servers is considered illegal for the time being. Already the IP of a website user is classified as personal data.

Basically we think the decision of the European Court of Justice with regard to international data protection is good, but this decision forces all European companies to renounce e.g. their American Software as a Service solutions like Webflow. And that, in turn, we do not think is a good thing at all. There is now great uncertainty among all your EU customers who host their customer websites via Webflow, for example.

Because of uncertainty, as a European agency hosting the client website via Webflow’s servers, we have to inform our clients that this is currently considered illegal. We can all well imagine how damaging this is to business.

But thanks to the EU standard data protection clauses, it is still possible to process personal data in a third country like (from our point of view) the USA.

Now we, your EU customers, need your help and Webflow’s official statement.

Do European users and customers of Webflow have the possibility to rely on the standard privacy clauses when using Webflow and hosting websites through Webflow?
And what about subcontractors like AWS & Fastly? Can the rights also be asserted against them?

We can only say from our point of view that we love Webflow and highly appreciate the transparency you provide regarding data protection. You were one of the few companies that provided us with a contract for commissioned data processing on demand, punctually on 23.05.2018, when the GDPR came into force, without any problems. At this point we would like to thank you again for this.

To venture a brief look into the future, I have the following 2 questions:
Does Webflow plan to establish a subsidiary based in the EU, which is responsible for legal issues within the EU?
And the 2nd question: Is it planned to develop an on-premise solution of Webflow or/and to restrict the use of hosting only on EU servers of AWS, if a user wants to do so?

With best regards from Germany,

Dennis from Vibrand Design

36 Likes

Yes, please give us a response on this @WebflowCommunityTeam

3 Likes

Have taken this issue to our support team and will keep you updated on a response. Thank you for flagging this.

1 Like

This is a critical question!
I am looking forward to your reply @WebflowCommunityTeam

4 Likes

Critical question indeed , I’d also be highly interested in this topic being a digital designer coming from Switzerland / Germany with every clients being EU based.

6 Likes

This is indeed á very critical question. As a Swiss based agency in Basel (near the German and French border) we are highly interested in this issue. We prefer a solution to restrict the use of hosting only on EU servers of AWS / Fasty.

7 Likes

As a Germany based startup founder who is close to product launch this topic is extremely frustrating. The possible solution to restrict the use of hosting only on EU servers would be the most sustainable and customer friendly solution for everyone. The EU won’t stop with this legal decision regarding data privacy. Therefore please consider a solution that gives your users/customers a sustainable long-term solution. We need legal security!

8 Likes

+1 for a reply please, Webflow team :slight_smile:

3 Likes

Hi everyone,

We are aware of the July 16, 2020 decision from the Court of Justice of the European Union, which invalidated the EU-U.S. Privacy Shield. In the coming days, Webflow will update our Data Processing Agreement (DPA) to provide all customers with an easy method to electronically sign Standard Contractual Clauses (documents approved by the European Commission for use in cross-border data transfer situations) with Webflow. As legally required, Webflow will continue to comply with its obligations to our customers and their users with respect to data received under Privacy Shield.

We are also working actively with our legal team to create a new DPA and will update the community once it’s live (we appreciate your patience as this update has many moving pieces and we are working as fast as we can to address this issue to the full extent). If you have any questions, please ask in this thread. Thank you!

18 Likes

Yes, as another EU provider using Webflow, we need an EU-only hosting option, thanks, Kieran.

3 Likes

I agree that an EU-hosting would be the best solution for your European customers. I only have 1 website BUT ironically it’s for an International Congress about Data Protection and Privacy CPDP. If no solution is offered we will have to move the site to another platform.

4 Likes

I also support the idea of Webflow hosting on EU territory. As a small, worldwide operating Swiss company, we decided to create the next version of our web presence with Webflow. We consider data protection and the right to privacy as a self-evident fact. Although we are a Swiss company and not directly subject to EU legislation (but EEA, https://webflow.com/legal/eu-privacy-policy), it always applies the law of the jungle, which is still the right of the strongest. In the affirmative, as well as the negative sense.

For this reason, we do not want to expose our clients and friends to legal uncertainty. The Privacy Shield USA-Switzerland is still valid, but it is, in part, nothing more than a minimal emergency backup. It always seems unclear what the legal viability of such agreements in a triangular relationship (EU visitors, non-EU company, US hosting, e.g.) is in the end. We have no desire and no resources to deal with the legal cease and desist industry (the German concept of “Abmahnung” stands for something between “official, written warning” and “cease-and-desist-order”; was probably intended as a simplified dispute resolution, but seems to have gotten entirely out of hand and quickly costs considerable amounts of money for legal support even in extreme and unjustified cases).

Thank you if you dedicate yourself to the legal damage limitation quickly and come up with a solution. And please do not forget the EU-Hosting. With some necessary extensions of the e-commerce functionality, we could then also offer a webshop via Webflow :star_struck:

10 Likes

Here is a clear call to action: transferring data from the EU to US servers is officially declared illegal. No grace period. Now its your turn: EU based servers? Fine. US based servers for EU customers? No way than leaving webflow.

3 Likes

Checking the privacy policy here https://webflow.com/legal/privacy directs EU and Swiss customers to the EU and Swiss privacy policy, which as of yet was last updated in 2018.

Some news on this would be great.

I can only speak for myself but I sold Webflow to clients and they are now waiting for me to deliver and I am having to stall while I wait for some info on this. Do I stay with Webflow or start learning a new platform?

2 Likes

I’m personally having to look at alternative hosting solutions for my customers due to a lack of action on Webflow’s part here (this obviously presents issues where use of the Webflow CMS is concerned!).

A new DPA simply won’t cut it. Clear, decisive guidance needs to be issued by Webflow - it’s been nearly two weeks, so I would have expected an official response (i.e. something more substantial than a forum post) from Webflow by now.

EU customers make up a huge portion of the userbase, as evidenced by this forum topic alone. Don’t leave us out in the cold here.

6 Likes

We really need to get an update on this topic asap.
What will be Webflow’s solution for your EU customers?

7 Likes

As described in many legal news and podcasts (i.e. here https://open.spotify.com/episode/3m69Tea4oe8hfulzm2C2le?si=4c2Hi1mcTCafvgQs5zlYag ) you need to provide „SCC plus“, means SCCs with further technical und legal measures. Hope you‘ll provide it soon, so that the current risks will be mitigated.

2 Likes

I agree that an hosting option for Europe will make institutional prospects happier. What happens with SCCs ? Do we have to communicate and ask signature to all our clients ? If so, it may open a highway of complaints.
Also, why is jquery not updated ? Is Webflow ditching Jquery towards something more RGPD compliant ?
Lot of questions unanswered.

@WebflowCommunityTeam
its been 2 weeks since your last comment.
are there any news?

6 Likes

We just launched our new company website with Webflow and every team member is extremely happy with collaborating within the tool.

Since the invalidation of the privacy shield we’re looking into hosting ourselves and just using Webflow for designing the site. This means again we’ll need our own deployment chain etc. And it will eventually be quite hard to justify spending money on Webflow.

I would really, really, really like to use Webflow ‘out of the box’ because it solves so many headaches and lets people collaborate seamlessly between different disciplines.

Having no real statement makes it really uncomfortable right now. Please let us now what is your road map.

7 Likes